On So, 2014-07-13 at 16:01 -0400, Betsy Schwartz wrote:
> We're running primarily RHEL6, and Puppet Enterprise 3.2
>
> In our non-puppetized world, we make heavy use of netgroups (stored in
> ldap, entered in /etc/passwd) to control access to servers.
Would pam_access work for your use case?
Instead of adding the netgroups to passwd, you configure this
in /etc/security/access.conf.
There are also some modules on Puppet Forge, which allow management of
this file.
Btw. Augeas can not parse /etc/passwd, if you add the +@netgroup lines.
Regards,
Stefan